Dofoil variant more dangerous and aggressive

News of the Dofoil botnet's death has been greatly exaggerated. In fact, the latest Dofoil variant is even “more dangerous and aggressive,” according to a recent blog post from Fortinet.

Also known as Smoke Loader, Dofoil has been around for a few years, but until recently no new variants of the bot had been observed, and the command-and-control servers of previous variants were no longer accessible, the blog said. That changed in September 2014, when a new variant with more features emerged.

Dubbed W32/Zurgop.BK!tr.dldr by Fortinet, the variant uses the same command for fetching the module list as earlier iterations, but that command is now encrypted. Among the new or improved features are anti-VM and anti-debugging checks, dropped-file and attribute updates, a double-map injection technique that has only surfaced in the last two years, injected code and fake C&C traffic.
